diff options
author | Tim Jenssen <tim.jenssen@nokia.com> | 2011-02-21 16:30:31 +0100 |
---|---|---|
committer | Tim Jenssen <tim.jenssen@nokia.com> | 2011-02-21 16:41:32 +0100 |
commit | 8457830abdca9d5769e2ec1bdbfb793a05e6c5dd (patch) | |
tree | 4c9e87efd34104ec59ae31efd0394e998a2434f7 /binarysign |
init commit
Diffstat (limited to 'binarysign')
-rw-r--r-- | binarysign/README | 35 | ||||
-rw-r--r-- | binarysign/TestPublisher.cer | bin | 0 -> 449 bytes | |||
-rw-r--r-- | binarysign/TestPublisher.der | bin | 0 -> 609 bytes | |||
-rw-r--r-- | binarysign/TestPublisher.pem | 15 | ||||
-rw-r--r-- | binarysign/TestPublisher.pvk | bin | 0 -> 636 bytes | |||
-rw-r--r-- | binarysign/TestPublisher.spc | bin | 0 -> 496 bytes | |||
-rw-r--r-- | binarysign/scripts/generate-keys.sh | 29 | ||||
-rw-r--r-- | binarysign/sign.sh | 5 | ||||
-rw-r--r-- | binarysign/testcert.cer | bin | 0 -> 539 bytes | |||
-rw-r--r-- | binarysign/testcert.pvk | bin | 0 -> 636 bytes |
10 files changed, 84 insertions, 0 deletions
diff --git a/binarysign/README b/binarysign/README new file mode 100644 index 000000000..3c9ef95cc --- /dev/null +++ b/binarysign/README @@ -0,0 +1,35 @@ +== How to create a test certificate == + +Install the .net SDK (for makecert and signtool) +In theory, it should also work with openssl >= 0.9.9, but I have 0.9.8 everywhere and 1.0.0beta didn't compile. + +On an SDK prompt, type + +makecert -r -pe -ss TestCertStoreName -n "CN=SDK Test Certificate" -sv testcert.pvk testcert.cer + + +PASSPHRASE => The checked in testcert.pvk has the passphrase "test" + +== How to sign a binary == + +These are the steps I took to create a test signature. You need test certificate (.cer from above), test private key (.pvk from above) and the binary to sign. + +signtool signwizard + +* Choose the .exe to sign +* Next +* Choose Custom +* Next +* Choose "Select From File", select testcert.cer +* Next +* Browse..., select testcert.pvk +* Next +* Enter passphrase +* Choose hash algorithm. Tested with sha1. +* Next +* Next +* Enter something for description and web location +* Next +* Next +* Finish + diff --git a/binarysign/TestPublisher.cer b/binarysign/TestPublisher.cer Binary files differnew file mode 100644 index 000000000..1aff4f9f6 --- /dev/null +++ b/binarysign/TestPublisher.cer diff --git a/binarysign/TestPublisher.der b/binarysign/TestPublisher.der Binary files differnew file mode 100644 index 000000000..b95ace196 --- /dev/null +++ b/binarysign/TestPublisher.der diff --git a/binarysign/TestPublisher.pem b/binarysign/TestPublisher.pem new file mode 100644 index 000000000..f696dbfdd --- /dev/null +++ b/binarysign/TestPublisher.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDvgUoPb83ezhUlxjK84ua5ZCNdoIZUF5DoU64nJ6fLCd1xXKQ6 +w9Kdn3jAIiAUVzGWNv6PBlO0J/ywFl+vo2D/aRx6ilyXunWdXnlYZx5bxetrMQtR +nrUvfYqEylzVAthFuFJptcSTOcS16b5WljYB+hvbq025eOq6H1PlDWh9zwIDAQAB +AoGBAO446RNFn723ua0i4KCkB93qzop3+mR2NDoB0b08Ylc/7rSs8uVIlZsWXaKt +zr6so7PH65cTMfqFs37qIi6vEO/OZQRlxDj0pNM0mVgogSFXZK3TIWgzCIxtgrCw +PVwgE9akwD0tiT45OpRZaBouh8w8mhXIUXLbsoA+p/jeglnRAkEA983y0VYLugeU +1spTR+mf2BEgCZInmCakyvvCz3ThGGWwtGDt/gDeprSFgP8FXGzOQ+Z9bPwskPjt +1c499fhjFQJBAPdtErA76DupO54bICpUp7m0+uv4lOY7mdczvVeirtiUMD2TZScj +jduoo0HHlvJ5uknM1PAxgevHrsQA5A5OZlMCQAekRTmpYqEw/KkHAjx0euZp2MgS +xr/NaUWNL/u/yfU7pZBacNxlYHhZlshclOi9vjqfz/xdZm5uDr+KJaUBLOUCQQCC +YtA+XtN63Su1ncXNiN76Vg0E3PJagX4IkhNtYyWQrEbfrBTaEzpmTu/5chxxmwQ4 +b+Cm0vAMOCY4099aSqZRAkBDmslMna035kmp6Lm3hnawFwYp1IhhptPJfbWrn9bi +in04qSbpd2GlhZeTL62HSuOjkhq9jog7/Ql8GoDlYXtu +-----END RSA PRIVATE KEY----- diff --git a/binarysign/TestPublisher.pvk b/binarysign/TestPublisher.pvk Binary files differnew file mode 100644 index 000000000..9552c1ad7 --- /dev/null +++ b/binarysign/TestPublisher.pvk diff --git a/binarysign/TestPublisher.spc b/binarysign/TestPublisher.spc Binary files differnew file mode 100644 index 000000000..130142fca --- /dev/null +++ b/binarysign/TestPublisher.spc diff --git a/binarysign/scripts/generate-keys.sh b/binarysign/scripts/generate-keys.sh new file mode 100644 index 000000000..2d4f19c32 --- /dev/null +++ b/binarysign/scripts/generate-keys.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Usage: generate-keys.sh certname" + exit 1 +fi + +NAME=$1 + +echo Creating RSA key... + +openssl genrsa -out $NAME-rsaprivkey.pem 1024 +openssl rsa -in $NAME-rsaprivkey.pem -pubout -outform DER -out $NAME-rsapubkey.der +openssl pkcs8 -topk8 -inform PEM -outform DER -in $NAME-rsaprivkey.pem -out $NAME-rsaprivkey.der -nocrypt + +echo Creating DSA key... + +openssl dsaparam -out $NAME-dsaparam.pem 1024 +openssl gendsa -out $NAME-dsaprivkey.pem $NAME-dsaparam.pem + +openssl dsa -in $NAME-dsaprivkey.pem -outform DER -pubout -out $NAME-dsapubkey.der +openssl pkcs8 -topk8 -inform PEM -outform DER -in $NAME-dsaprivkey.pem -out $NAME-dsaprivkey.der -nocrypt + +echo Creating X.509 Certificate... + +openssl genrsa -des3 -out $NAME-ca.key 4096 +openssl req -new -x509 -days 365 -key $NAME-ca.key -outform DER -out $NAME-ca.cer +openssl req -new -x509 -days 365 -key $NAME-ca.key -out $NAME-ca.crt +openssl crl2pkcs7 -nocrl -certfile $NAME-ca.cer -out $NAME-ca.p7b -certfile $NAME-ca.crt diff --git a/binarysign/sign.sh b/binarysign/sign.sh new file mode 100644 index 000000000..3377b91ce --- /dev/null +++ b/binarysign/sign.sh @@ -0,0 +1,5 @@ + osslsigncode -spc TestPublisher.spc -key TestPublisher.der \ + -n "The Installer" -i http://www.yourwebsite.com/ \ + -in $1.exe -out $1-signed.exe + + diff --git a/binarysign/testcert.cer b/binarysign/testcert.cer Binary files differnew file mode 100644 index 000000000..69e550a57 --- /dev/null +++ b/binarysign/testcert.cer diff --git a/binarysign/testcert.pvk b/binarysign/testcert.pvk Binary files differnew file mode 100644 index 000000000..306de11a1 --- /dev/null +++ b/binarysign/testcert.pvk |